Filtered by vendor Telegram
Subscriptions
Total
35 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-30496 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.7 Medium |
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability." | ||||
CVE-2021-31315 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-31322 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-31321 | 1 Telegram | 1 Telegram | 2024-08-03 | 7.1 High |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-31318 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-31320 | 1 Telegram | 1 Telegram | 2024-08-03 | 7.1 High |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-31317 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-31323 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-31319 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
CVE-2021-27351 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.3 Medium |
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. | ||||
CVE-2021-27204 | 2 Apple, Telegram | 2 Macos, Telegram | 2024-08-03 | 5.5 Medium |
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. | ||||
CVE-2021-27205 | 2 Apple, Telegram | 2 Macos, Telegram | 2024-08-03 | 5.5 Medium |
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure. | ||||
CVE-2022-43363 | 1 Telegram | 1 Telegram | 2024-08-03 | 6.1 Medium |
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding. | ||||
CVE-2023-34658 | 1 Telegram | 1 Telegram | 2024-08-02 | 5.3 Medium |
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. | ||||
CVE-2023-26818 | 1 Telegram | 1 Telegram | 2024-08-02 | 5.5 Medium |
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. |